>Did you miss:>https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Setting_Share_Permissions_and_ACLsNo, this part of the wiki made me realize I have a problem. It talks about changes via the security tab. I don't have that tab. That is the whole problem. I gather from your previous answer setfacl needs to be used to sort that out. But I miss that part in the wiki. So either something is off with my install or the instructions to set the initial permissions with setfacl to get the security tab going are missing in the wiki. BC
On Sun, 5 Mar 2017 01:12:26 +0100 Bart Coninckx <info at bitsandtricks.com> wrote:> >Did you miss: > > >https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Setting_Share_Permissions_and_ACLs > > > No, this part of the wiki made me realize I have a problem. It talks > about changes via the security tab. I don't have that tab. That is > the whole problem. >No that isn't your whole problem, your main problem is that you are running a version of Samba that will not get ANY updates and is several versions behind the most up-to-date version, which means it is missing a lot of improvements. As for the missing security tab, this could be a windows problem, or it could be something in your smb.conf, so can you please post this. Rowland
On Sun, 5 Mar 2017 14:20:48 +0100 Bart Coninckx <info at bitsandtricks.com> wrote:> on the Windows site I checked a possible active group policy, but > there was none. Also, I don't have this problem voor sysvol or > netlogon. > > > This is my smb.conf > > > > # Global parameters > [global] > workgroup = DOMAIN > realm = DOMAIN.COM > netbios name = LX01 > server role = active directory domain controller > dns forwarder = 8.8.8.8 > idmap_ldb:use rfc2307 = yes > [netlogon] > path = /usr/local/samba/var/locks/sysvol/domain.com/scripts > read only = No > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = No > [Data] > path = /data/smb/data > read only = No > [Maarten] > path = /data/smb/maarten > read only = No > [Erik] > path = /data/smb/erik > read only = No > Cheers, > BC >I think your problem is being caused by the OS not knowing your users and groups, have a look here: https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC But before you do that, UPGRADE your Samba version. I said that there have been a lot of improvements, one of them is the 'winbind' built into the 'samba' binary has been replaced by the same separate 'winbindd' binary used on a domain member, this by its self is worth upgrading for. Rowland
>I think your problem is being caused by the OS not knowing your users >and groups, have a look here:>https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DCI will look into that, cheers!>But before you do that, UPGRADE your Samba version. I said that there >have been a lot of improvements, one of them is the 'winbind' built >into the 'samba' binary has been replaced by the same separate'>winbindd' binary used on a domain member, this by its self is worth>upgrading for.>RowlandWould you advise to start new again or do an upgrade, respecting the current config and Active Directory? Cheers, BC
>I think your problem is being caused by the OS not knowing your users >and groups, have a look here: > >https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC > >But before you do that, UPGRADE your Samba version. I said that there >have been a lot of improvements, one of them is the 'winbind' built >into the 'samba' binary has been replaced by the same separate >'winbindd' binary used on a domain member, this by its self is worth >upgrading for. > >RowlandHi, I think I successfully upgraded to the latest version. I see Winbindd being started as a part of the samba process. As the Winbindd wiki page said "To run Winbindd on a Samba Active Directory (AD) domain controller (DC), in most cases no configuration in the smb.conf file is required.", I changed nothing in the smb.conf file, exept for adding a share. Again, this share does not show the Security tab. I have not yet added a pointer record for the server, but I doubt that will be related. Do you have pointers as to where the problem might be? Cheers, BC